package com.zc.framework.shiro.security;

import com.zc.app.sys.dao.peer.SystemRoleMenuPeer;
import com.zc.app.sys.dao.peer.SystemUserPeer;
import com.zc.app.sys.dao.peer.SystemUserRolePeer;
import com.zc.app.sys.service.SystemRoleMenuService;
import com.zc.app.sys.service.SystemUserRoleService;
import com.zc.app.sys.service.SystemUserService;
import com.zc.framework.constants.GlobalConstants;
import com.zc.framework.shiro.bean.SystemAuthorizingUser;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.ArrayList;
import java.util.List;

/**
 * Created by zc on 2016/11/23.
 */
public class SystemAuthorizingRealm extends AuthorizingRealm {

    @Autowired
    private SystemUserService systemUserService;

    @Autowired
    private SystemUserRoleService systemUserRoleService;

    @Autowired
    private SystemRoleMenuService systemRoleMenuService;


    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SystemAuthorizingUser authorizingUser = (SystemAuthorizingUser) principals.getPrimaryPrincipal();

        if(authorizingUser != null){
            //权限信息对象info,用来存放查出的用户的所有的角色（role）及权限（permission）
            SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();

            //获得用户角色列表
            List<SystemUserRolePeer> systemUserRoles = systemUserRoleService.selectRoleListByAccountId(authorizingUser.getAccountId());
            List<Integer> roleIdList = new ArrayList<>();
            for (SystemUserRolePeer systemRole : systemUserRoles) {  // 添加用户角色信息
                simpleAuthorizationInfo.addRole(systemRole.getRoleName());
                roleIdList.add(systemRole.getRoleId());
            }

            //获得权限列表
            List<SystemRoleMenuPeer> systemRoleMenus = systemRoleMenuService.selectMenuListByRoleId(roleIdList);
            for(SystemRoleMenuPeer systemRoleMenu : systemRoleMenus){
                if(StringUtils.isNotBlank(systemRoleMenu.getPermission())){
                    // 添加基于Permission的权限信息
                    simpleAuthorizationInfo.addStringPermission(systemRoleMenu.getPermission());
                }
            }
            return simpleAuthorizationInfo;
        }
        return null;
    }

    /**
     * 认证回调
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        SystemUserPeer systemUserPeer = systemUserService.selectByLoginName(token.getUsername());
        if(systemUserPeer!=null){
            if(GlobalConstants.NO.equals(systemUserPeer.getStatus())){
                throw new DisabledAccountException();
            }

            SystemAuthorizingUser authorizingUser = new SystemAuthorizingUser(
                    systemUserPeer.getAccountId(),systemUserPeer.getLoginName(),
                    systemUserPeer.getUserName(),systemUserPeer.getRealName());

            SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(authorizingUser,
                    systemUserPeer.getLoginPassword(), getName());
            return simpleAuthenticationInfo;
        }
        return null;
    }

}
